Processor privacy policy

This document will outline how we act as processor of the personal data. Feedbackly is 100% GDPR compliant – and more.

“We here at Feedbackly take our data security seriously. This why we put this page together so that you can have 100% clarity on how we handle your data. From this page you can find everything you need to understand how your data is handled.”

– Feedbackly team

In brief

Taking effect on 25 May 2018, the European Union’s General Data Protection Regulation (GDPR) is one of the most important international legislative changes in data protection in decades. The purpose of the regulation is to increase the individual’s rights to manage and process their personal data and to harmonise legislation within the European Union.

Feedbackly is firmly committed to the new Data Protection Regulation and we have been studying it’s content and impact for a while already. In addition to complying with the regulation ourselves, it is important for us to help our customers with their compliance efforts. This goal will be achieved through training, instruction, and technical development of our software.

Feedbackly acts as a processor for its customers’ user and marketing data and processes personal data on behalf of its customers as agreed with them and based on their instructions.

Purpose of filing system

Feedbackly stores and processes personal data to enable service for its customers.

Feedbackly´s customers may use personal data for orders, credits, billing, recovery, contacts, transactions, customer enquiries, service development, reporting, marketing, user behaviour analysis, messaging with the users and other user/customer relationship management measures as well as measuring the feelings of the users.

Feedbackly customers may use the purchasing, transaction and location information in the filing system can also be used for profiling and targeting marketing activities and customer communications to make them more interesting to the registered users. Personal information is also used when sending newsletters, or when people attend events and other marketing activities.

If you have questions on how Feedbackly customers are processing your personal data you should contact them dirtectly and check their own privacy policies as controllers of your personal data.

Data content and information categories of the filing system

Data that can be used includes contact persons of the controller’s current or past customer organisations, persons with connections to the controller, Feedbackly service users, participants of Feedbackly events, or persons who approved the marketing.

The registry may contain data from following information categories relevant to the purpose of the use of the registry:

a) Basic information such as name and contact details (address, email address, telephone number) of the controller’s current or past customer organisations as well as their contact persons’ name and contact details

b) Information relating to the customer relationship between the controller and the registered persons, such as information on orders or appointments, possible direct marketing permits and prohibitions, and other communications between the parties, and related information

c) Data, including the first and last name, address, contact details, date of birth, position, employer, gender, mother tongue, username and password of a person registered in the controller’s Feedbackly service or its ancillary service, or information obtained through the application and the various functions contained therein, such as location and information the user has provided in the application

d) Transaction information from the controller’s website on different websites, information on behaviour on websites and other related category information, participation in events, information entered for events, contacts made with customer service, contacts made with other Feedbackly employees and services, and information related to subscribing to the newsletter.

e) First and last name of the person registered for the event, as well as possible contact details and information provided on the event. Registration information provided by the ered person may include the following: email address, phone number, address, birth date, allergy information, passport number or personal ID.

f) Purchase information attached to a certain ID which makes the person identifiable. This information can be e.g. the amount of a purchase basket, what a specific person has purchased, when and where the purchase has been made.

Regular sources of information

Information provided by the customers or potential customers of Feedbackly´s customers, customer data system and billing database, user and transaction information on websites, blogs and newsletters, information on customer relationship management and customer service systems, mobile application and Feedbackly service information, partners and companies and authorities offering personal information services. All the data sources are handled by the controller.

Regular disclosure of information

Filing system information can be shared with Feedbackly’s dealers or subcontractors when they are handling Feedbackly´s orders or providing services for Feedbackly.

Feedbackly can also outsource the processing of this data to companies within the European Union and the European Economic Area. These companies can process personal data to provide, for example, infrastructure and IT services, or other services.

We will only process personal data outside of the EU and EEA area with the consent of the respective customer.

Principles of filing system protection

The information is technically protected. Physical access to data is blocked by access control, as well as other security measures. Access to information requires adequate rights and multi-stage identification. Unauthorised access is also prevented by firewalls and technical protection. The filing system information can only be accessed by the processor, controller and by specially designated technical persons. Only designated persons have the right to process and maintain the filing system information. Users are bound by professional secrecy. The filing system is backed up safely and can be restored as needed. The level of secrecy is audited at recurring intervals either by external or internal auditing.

Information storage time

We store your personal information according to the applicable laws and only as long as required for the purposes described in this privacy policy and as approved by our customers as data controllers. When the purposes no longer exist we will erase your data.

The right to check and amend the filing system information

A person on the filing system has the right to check what information there is on him or her on the filing system The request must be made in writing to the controller. Data subject has the right to amend any incorrect information on the filing system. Feedbackly won´t offer access to their customers’ data that is processed by Feedbackly as per request. Instead all requests must be done straight to the controller of the data.

If you have any questions of you would like to post an inquiry of your data, please contact the company holding your data as the data controller. Feedbackly is only a data processor at this point. If you wish to inquiry what kind of data Feedbackly has in their marketing systems, CRM or other systems please set up and inquiry to support (at) feedbackly.com or read more about our controllers privacy policy.

Our support to you

Feedbackly’s team provides assistance in questions to do with the data protection regulation. In addition, our customer relations manager and customer service personnel provide user support and help with Feedbackly’s data protection features.